by monocasa 2264 days ago
Interestingly this is the kind of thing Rust is great at protecting against, and why Firecracker is such a neat project.
2 comments

How does Rust prevent you from choosing the wrong size for an integer? It's easy to imagine a bug in Rust code in which someone is supposed to write "u8" as in this case, but didn't think carefully and just used "usize" (the most typical integer type used for indices).
The palette memory would be bounds checked, which is the real bug.
It would prevent the out-of-bounds read and write, presumably.
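The point made in the replies above, as an added example that is not part of the thread or of any real emulator: a constructed palette device whose write index was declared `usize` instead of `u8`. The names `Dac`, `write_checked`, `write_indexed` and the 256 x 3 byte table size are assumptions made for illustration.

```rust
// Constructed model of a palette device; all names and sizes are assumptions.
const PALETTE_BYTES: usize = 256 * 3;

struct Dac {
    palette: [u8; PALETTE_BYTES],
    // Deliberately the "wrong" width: usize lets a guest-supplied value
    // run past the end of the table, which a narrower type might not.
    write_index: usize,
    canary: u8, // stands in for whatever device state sits next to the table
}

impl Dac {
    fn new() -> Self {
        Dac { palette: [0; PALETTE_BYTES], write_index: 0, canary: 0xAA }
    }

    // Checked access: an out-of-range index is reported to the caller
    // and no device state is modified.
    fn write_checked(&mut self, value: u8) -> Result<(), usize> {
        let idx = self.write_index;
        match self.palette.get_mut(idx) {
            Some(slot) => { *slot = value; self.write_index += 1; Ok(()) }
            None => Err(idx),
        }
    }

    // Plain indexing performs the same bounds check, but a failure is a
    // panic instead of a write into neighbouring memory.
    fn write_indexed(&mut self, value: u8) {
        self.palette[self.write_index] = value;
        self.write_index += 1;
    }
}

// Returns true if an overrun through plain indexing panicked.
fn panics_on_overrun() -> bool {
    let mut dac = Dac::new();
    dac.write_index = PALETTE_BYTES; // one past the last valid byte
    std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| dac.write_indexed(0xFF))).is_err()
}

fn main() {
    let mut dac = Dac::new();
    dac.write_index = PALETTE_BYTES - 1;
    println!("last byte: {:?}", dac.write_checked(0x11));
    println!("overrun:   {:?}", dac.write_checked(0x22));
    println!("canary intact: {}", dac.canary == 0xAA);
    println!("indexing panics: {}", panics_on_overrun());
}
```

The integer width is still a logic bug in this model; the bounds check only turns the resulting overrun into an error or a panic.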
Firecracker also doesn't have this sort of complex device emulation such as VGA, only minimal virtio devices.
At the moment.
And in the future. The project explicitly does not want to provide anything beyond the things required for its use case (mostly non computation intensive course servers like used for serverless computing platforms). Part of its performance comes from the things they don't support.

(Edit: as far as I know)

They're in the process of pulling the core out to share with VMMs that don't take the same asceticism, but to still allow what they at Amazon ship to be a small attack surface. This work is in the rust-vmm project.